by
James Newsome, Dawn Song
- In Network and Distributed Systems Security Symposium, 2005

"... Software vulnerabilities have had a devastating effect on the Internet. Worms such as CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage [32, 51]. To successfully combat these fast automatic Internet attacks, we nee ..."

Software vulnerabilities have had a devastating effect on the Internet. Worms such as CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage [32, 51]. To successfully combat these fast automatic Internet attacks, we

"... This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures--whether hardware or software--that are necessary to support information protection. The paper develops in three main sections ..."

of detail in the second section may wish to skip to Section III, which reviews the state of the art and current research projects and provides suggestions for further reading. Glossary The following glossary provides, for reference, brief definitions for several terms as used in this paper in the context

We describe an operating system architecture that securely multiplexes machine resources while permitting an unprecedented degree of application-specific customization of traditional operating system abstractions. By abstracting physical hardware resources, traditional operating systems have significantly limited the performance, flexibility, and functionality of applications. The exokernel architecture removes these limitations by allowing untrusted software to implement traditional operating system abstractions entirely at application-level. We have implemented a prototype exokernel-based system that includes Aegis, an exokernel, and ExOS, an untrusted application-level operating system. Aegis defines the low-level interface to machine resources. Applications can allocate and use machine resources, efficiently handle events, and participate in resource revocation. Measurements show that most primitive Aegis operations are 10–100 times faster than Ultrix,a mature monolithic UNIX operating system. ExOS implements processes, virtual memory, and inter-process communication abstractions entirely within a library. Measurements show that ExOS’s application-level virtual memory and IPC primitives are 5–50 times faster than Ultrix’s primitives. These results demonstrate that the exokernel operating system design is practical and offers an excellent combination of performance and flexibility. 1

"... Syntax of a very simple programming language called L. What is abstract about it will be discussed a little here and later at greater length. For us syntax is a collection of syntactic sets of phrases; each set corresponds to a different type of phrase. Some of these sets are very simple and can be ..."

Syntax of a very simple programming language called L. What is abstract about it will be discussed a little here and later at greater length. For us syntax is a collection of syntactic sets of phrases; each set corresponds to a different type of phrase. Some of these sets are very simple and can be taken as given: Truthvalues This is the set T = ftt; ffg and is ranged over by (the metavariable) t (and we also happily employ for this (and any other) metavariable sub- and super-scripts to generate other metavariables: t ; t 0 ; t 1k ).

"... process naming to allow libraries to describe their communication in terms suitable to their own data structures and algorithms, ffl The ability to "adorn" a set of communicating processes with additional user-defined attributes, such as extra collective operations. This mechanism should ..."

process naming to allow libraries to describe their communication in terms suitable to their own data structures and algorithms, ffl The ability to "adorn" a set of communicating processes with additional user-defined attributes, such as extra collective operations. This mechanism should

"... Abstract—Developers often consult online tutorials and mes-sage boards to find solutions to their programming issues. Among the many online resources, Question & Answer websites are gaining popularity. This is no wonder if we consider a case like Stack Overflow, where more than 92 % questions on ..."

"... this paper we discuss four major problems we have observed in our developing and deploying wide-area distributed object applications and middleware. First, most programs are developed ignoring the variable wide area conditions. Second, when application programmers do try to handle these conditions, ..."

components which deal with these conditions, so code sharing becomes impractical. In this paper we also describe our architecture, Quality of Service for CORBA Objects (QuO), which we have developed to overcome these limitations and integrate their solution by providing QoS abstractions to CORBA objects